Cyber Resilience

Threat actor · all actors

EquationG0020 state

🇺🇸 US · NSA · TAO

aka Equation, Equation Group, Tilded Team, EQGRP, G0020

Last updated: 2026-07-03

3attributed CVEs
7ATT&CK techniques
11.1IDF score (tooling uniqueness)
1exclusive CVEs
2010–2022years active

About this actor

[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. (Citation: Kaspersky Equation QA)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2010-2568 KEV10.07.80.97342010-07-22see CVE
CVE-2012-0159 8.00.00.85682012-05-09see CVE
CVE-2013-3894 8.08.10.93122013-10-09see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
AC-21 / 714%
AC-31 / 714%
AC-51 / 714%
AC-61 / 714%
CM-21 / 714%
CM-31 / 714%
CM-51 / 714%
CM-61 / 714%
CM-81 / 714%
IA-21 / 714%
IA-71 / 714%
IA-81 / 714%
RA-91 / 714%
SA-101 / 714%
SA-111 / 714%

Co-occurring actors

Similar actors

Overlapping CVEs

Active in same years